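■1605 / inTopicNo.1)  Health check, please.

□Posted by/ ワン -(2008/12/10(Wed) 15:41:09)
    I would like to request a health check.
    A SpyBot window opened showing something called wextract_cleanup0, so I closed it without allowing it.
    I found and removed the Revo virus the other day, but I am a little worried.
    I am sorry to trouble you when you are busy; thank you in advance.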




    ----------Hijack This----------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:31:32, on 2008/12/10
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Corega\client utility\gtwpssrv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Corega\client utility\WLService.exe
    C:\Program Files\Corega\client utility\resCrgEx.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Corega\client utility\CrgUtil.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\【user】\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Xelo\PDFDriver2\assistxpdf2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
    C:\Documents and Settings\【user】\デスクトップ\HiJackThis\HijackThis.exe

    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\ypho.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: CiPROIEhelper Class - {A65852E0-2E2B-4A45-B9DC-52B97224F0C9} - C:\Program Files\CaptIt4\CiToolbar\CiPROIEHob.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: CaptureItPRO - {86A10B79-8C1C-4BEC-914B-BFC1450CB944} - C:\Program Files\CaptIt4\CiToolbar\CiPROIEToolBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
    O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
    O4 - HKLM\..\Run: [UIRESIDENT] C:\Program Files\Corega\client utility\CrgUtil.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\【user】\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Adobe PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Yahoo!ツールバーに追加 - res://C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll/script_search.htm
    O8 - Extra context menu item: リンクの参照先を Adobe PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: リンクの参照先を既存の PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 既存の PDF に追加 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 選択したリンクを Adobe PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: 選択したリンクを既存の PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: 選択項目を Adobe PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 選択項目を既存の PDF に変換 - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.1.212/officescan/console/ClientInstall/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.1.212/officescan/console/ClientInstall/setup.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.1.212/officescan/console/ClientInstall/RemoveCtrl.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Adobe Version Cue CS3 {ja_JP} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Corega\client utility\gtwpssrv.exe
    O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Corega\client utility\jswpsapi.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: RESCRGEX - Unknown owner - C:\Program Files\Corega\client utility\WLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

    --
    End of file - 12697 bytes

    ---------Uninstall Log---------

    ----- HKLM -----

    "DisplayName"="Windows XP セキュリティ更新 (KB958644)"
    "DisplayName"="Windows Internet Explorer 7 セキュリティ更新 (KB958215)"
    "DisplayName"="Windows XP セキュリティ更新 (KB957097)"
    "DisplayName"="Windows XP セキュリティ更新 (KB957095)"
    "DisplayName"="Windows XP セキュリティ更新 (KB956841)"
    "DisplayName"="Windows XP セキュリティ更新 (KB956803)"
    "DisplayName"="Windows XP セキュリティ更新 (KB956802)"
    "DisplayName"="Windows XP セキュリティ更新 (KB956391)"
    "DisplayName"="Windows Internet Explorer 7 セキュリティ更新 (KB956390)"
    "DisplayName"="Windows XP 更新 (KB955839)"
    "DisplayName"="Windows XP セキュリティ更新 (KB955069)"
    "DisplayName"="Windows XP セキュリティ更新 (KB954600)"
    "DisplayName"="Windows XP セキュリティ更新 (KB954459)"
    "DisplayName"="MSXML 4.0 SP2 (KB954430)"
    "DisplayName"="Windows XP セキュリティ更新 (KB954211)"
    "DisplayName"="Windows Media Player 11 (KB954154) セキュリティ問題の修正プログラム"
    "DisplayName"="Windows XP セキュリティ更新 (KB953839)"
    "DisplayName"="Windows Internet Explorer 7 セキュリティ更新 (KB953838)"
    "DisplayName"="Windows XP セキュリティ更新 (KB953838)"
    "DisplayName"="Windows XP セキュリティ更新 (KB952954)"
    "DisplayName"="Windows XP ホットフィックス (KB952287)"
    "DisplayName"="Windows Media Player (KB952069) セキュリティ問題の修正プログラム"
    "DisplayName"="Windows XP 更新 (KB951978)"
    "DisplayName"="Windows XP セキュリティ更新 (KB951748)"
    "DisplayName"="Windows XP セキュリティ更新 (KB951698)"
    "DisplayName"="Windows XP セキュリティ更新 (KB951376-v2)"
    "DisplayName"="Windows XP セキュリティ更新 (KB951376)"
    "DisplayName"="Windows XP 更新 (KB951072-v2)"
    "DisplayName"="Windows XP セキュリティ更新 (KB951066)"
    "DisplayName"="Windows XP セキュリティ更新 (KB950974)"
    "DisplayName"="Windows XP セキュリティ更新 (KB950762)"
    "DisplayName"="Windows XP セキュリティ更新 (KB950760)"
    "DisplayName"="Windows XP セキュリティ更新 (KB950759)"
    "DisplayName"="Windows XP セキュリティ更新 (KB946648)"
    "DisplayName"="Windows XP 更新 (KB942763)"
    "DisplayName"="Windows XP (KB941569) セキュリティ問題の修正プログラム"
    "DisplayName"="Windows Media Player 11 (KB939683) ホットフィックス"
    "DisplayName"="Windows XP セキュリティ更新 (KB938464)"
    "DisplayName"="Windows Internet Explorer 7 セキュリティ更新 (KB938127-v2)"
    "DisplayName"="Windows Media Player 11 (KB936782) セキュリティ問題の修正プログラム"
    "DisplayName"="Windows Media Player 9 (KB936782) セキュリティ問題の修正プログラム"
    "DisplayName"="MSXML 4.0 SP2 (KB936181)"
    "DisplayName"="Hotfix for Windows Media Format 11 SDK (KB929399)"
    "DisplayName"="Microsoft .NET Framework 2.0 用の Security Update (KB928365)"
    "DisplayName"="Windows Media Player 6.4 (KB925398) セキュリティ問題の修正プログラム"
    "DisplayName"="Windows XP セキュリティ更新 (KB923789)"
    "DisplayName"="Windows XP (KB923689) セキュリティ問題の修正プログラム"
    "DisplayName"="(KB911854)"
    "DisplayName"="(KB911565)"
    "DisplayName"="Windows Media Player (KB911564) セキュリティ問題の修正プログラム"
    "DisplayName"="(KB907658)"
    "DisplayName"="Windows Genuine Advantage Notifications (KB905474)"
    "DisplayName"="(KB902344)"
    "DisplayName"="(KB900399)"
    "DisplayName"="(KB898549)"
    "DisplayName"="(KB897586)"
    "DisplayName"="(KB895572)"
    "DisplayName"="(KB895316)"
    "DisplayName"="(KB895181)"
    "DisplayName"="(KB893803)"
    "DisplayName"="(KB893241)"
    "DisplayName"="(KB893240)"
    "DisplayName"="(KB892313)"
    "DisplayName"="(KB891122)"
    "DisplayName"="(KB889858)"
    "DisplayName"="(KB888656)"
    "DisplayName"="High Definition Audio Driver Package - KB888111"
    "DisplayName"="(KB887626)"
    "DisplayName"="(KB887078)"
    "DisplayName"="(KB886612)"
    "DisplayName"="(KB885353)"
    "DisplayName"="(KB884267)"
    "DisplayName"="(MSI30-KB884016)"
    "DisplayName"="(MSI30a-KB884016)"
    "DisplayName"="(KB884016)"
    "DisplayName"="Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)"
    "DisplayName"="(AddressBook)"
    "DisplayName"="(Adobe Illustrator CS2)"
    "DisplayName"="(Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC})"
    "DisplayName"="(Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0411-1E257A25E34D})"
    "DisplayName"="(Branding)"
    "DisplayName"="(Connection Manager)"
    "DisplayName"="(DirectAnimation)"
    "DisplayName"="(DirectDrawEx)"
    "DisplayName"="(DXM_Runtime)"
    "DisplayName"="(Fontcore)"
    "DisplayName"="(ICW)"
    "DisplayName"="(IE40)"
    "DisplayName"="(IE4Data)"
    "DisplayName"="(IE5BAKEX)"
    "DisplayName"="(IEData)"
    "DisplayName"="(InstallShield Uninstall Information)"
    "DisplayName"="(MobileOptionPack)"
    "DisplayName"="(MPlayer2)"
    "DisplayName"="(MSI30-Beta1)"
    "DisplayName"="(MSI30-Beta2)"
    "DisplayName"="(MSI30-RC1)"
    "DisplayName"="(MSI30-RC2)"
    "DisplayName"="(MSI31-Beta)"
    "DisplayName"="(MSI31-RC1)"
    "DisplayName"="(Nero - Burning Rom!UninstallKey)"
    "DisplayName"="(NeroBackItUp!UninstallKey)"
    "DisplayName"="(NetMeeting)"
    "DisplayName"="(OutlookExpress)"
    "DisplayName"="(PCHealth)"
    "DisplayName"="(RealJukebox 1.0)"
    "DisplayName"="(SchedulingAgent)"
    "DisplayName"="(ShockwaveFlash)"
    "DisplayName"="(WIC)"
    "DisplayName"="(WMCSetup)"
    "DisplayName"="({2CCBABCB-6427-4A55-B091-49864623C43F})"
    "DisplayName"="({7CB461A1-0840-4245-8ED2-14026F6E256B})"
    "DisplayName"="Acoustica Effects Pack"
    "DisplayName"="Acoustica Mixcraft 4.2"
    "DisplayName"="Adobe Acrobat 8 Professional - Japanese"
    "DisplayName"="Adobe Acrobat 8.1.3 Professional"
    "DisplayName"="Adobe Anchor Service CS3"
    "DisplayName"="Adobe Asset Services CS3"
    "DisplayName"="Adobe Bridge 1.0"
    "DisplayName"="Adobe Bridge CS3"
    "DisplayName"="Adobe Bridge Start Meeting"
    "DisplayName"="Adobe BridgeTalk Plugin CS3"
    "DisplayName"="Adobe Camera Raw 4.0"
    "DisplayName"="Adobe CMaps"
    "DisplayName"="Adobe Color - Photoshop Specific"
    "DisplayName"="Adobe Color Common Settings"
    "DisplayName"="Adobe Color Common Settings"
    "DisplayName"="Adobe Color EU Extra Settings"
    "DisplayName"="Adobe Color JA Recommended Settings"
    "DisplayName"="Adobe Color NA Extra Settings"
    "DisplayName"="Adobe Common File Installer"
    "DisplayName"="Adobe Creative Suite 2"
    "DisplayName"="Adobe Creative Suite 3 Design Premium"
    "DisplayName"="Adobe Creative Suite 3 Design Premium を追加または削除"
    "DisplayName"="Adobe Default Language CS3"
    "DisplayName"="Adobe Device Central CS3"
    "DisplayName"="Adobe Dreamweaver CS3"
    "DisplayName"="Adobe ExtendScript Toolkit 2"
    "DisplayName"="Adobe ExtendScript Toolkit 2"
    "DisplayName"="Adobe Extension Manager CS3"
    "DisplayName"="Adobe Flash CS3"
    "DisplayName"="Adobe Flash Player 10 Plugin"
    "DisplayName"="Adobe Flash Player 9 ActiveX"
    "DisplayName"="Adobe Flash Player ActiveX"
    "DisplayName"="Adobe Flash Video Encoder"
    "DisplayName"="Adobe Fonts All"
    "DisplayName"="Adobe Glyphlet Creation Tool CS3"
    "DisplayName"="Adobe Help Center 1.0"
    "DisplayName"="Adobe Help Viewer CS3"
    "DisplayName"="Adobe Illustrator CS2"
    "DisplayName"="Adobe Illustrator CS3"
    "DisplayName"="Adobe InDesign CS2J"
    "DisplayName"="Adobe InDesign CS3"
    "DisplayName"="Adobe InDesign CS3 Icon Handler"
    "DisplayName"="Adobe Linguistics CS3"
    "DisplayName"="Adobe MotionPicture Color Files"
    "DisplayName"="Adobe PDF Library Files"
    "DisplayName"="Adobe Photoshop 7.0"
    "DisplayName"="Adobe Photoshop CS2"
    "DisplayName"="Adobe Photoshop CS3"
    "DisplayName"="Adobe Reader 8.1.3 - Japanese"
    "DisplayName"="Adobe Setup"
    "DisplayName"="Adobe Setup"
    "DisplayName"="Adobe Setup"
    "DisplayName"="Adobe SGM CS3"
    "DisplayName"="Adobe SING CS3"
    "DisplayName"="Adobe Stock Photos 1.0"
    "DisplayName"="Adobe Stock Photos CS3"
    "DisplayName"="Adobe SVG Viewer 3.0"
    "DisplayName"="Adobe Type Support"
    "DisplayName"="Adobe Update Manager CS3"
    "DisplayName"="Adobe Version Cue CS2"
    "DisplayName"="Adobe Version Cue CS3 Client"
    "DisplayName"="Adobe Version Cue CS3 Server {ko_KR} "
    "DisplayName"="Adobe WAS CS3"
    "DisplayName"="Adobe WinSoft Linguistics Plugin"
    "DisplayName"="Adobe XMP Panels CS3"
    "DisplayName"="AHV content for Acrobat and Flash"
    "DisplayName"="Apple Mobile Device Support"
    "DisplayName"="Apple Software Update"
    "DisplayName"="ATI - Software Uninstall Utility"
    "DisplayName"="ATI Catalyst Control Center"
    "DisplayName"="ATI Display Driver"
    "DisplayName"="ATI Parental Control & Encoder"
    "DisplayName"="B.H.A B's Recorder GOLD BASIC 7.13"
    "DisplayName"="BBブロードキャスト 1.3.10.7352"
    "DisplayName"="Becky! Ver.2"
    "DisplayName"="Bonjour"
    "DisplayName"="Camera RAW Plug-In for EPSON Creativity Suite"
    "DisplayName"="Capture It! PRO 4.1"
    "DisplayName"="Capture It! PRO ツールバー"
    "DisplayName"="Catalyst Control Center - Branding"
    "DisplayName"="Catalyst Control Center Core Implementation"
    "DisplayName"="Catalyst Control Center Graphics Full Existing"
    "DisplayName"="Catalyst Control Center Graphics Full New"
    "DisplayName"="Catalyst Control Center Graphics Light"
    "DisplayName"="Catalyst Control Center Graphics Previews Common"
    "DisplayName"="CCC Help English"
    "DisplayName"="ccc-core-preinstall"
    "DisplayName"="ccc-core-static"
    "DisplayName"="ccc-utility"
    "DisplayName"="CDex extraction audio"
    "DisplayName"="Corega 無線LANクライアントドライバ "
    "DisplayName"="Corega無線クライアントユーティリティ"
    "DisplayName"="DROPCLOCK 1.0.1"
    "DisplayName"="DVD Suite"
    "DisplayName"="DVD2WMV"
    "DisplayName"="eMusic - 50 Free MP3 offer"
    "DisplayName"="EPSON Attach To Email"
    "DisplayName"="EPSON Attach To Email"
    "DisplayName"="EPSON Easy Photo Print"
    "DisplayName"="EPSON File Manager"
    "DisplayName"="EPSON Multi-PrintQuicker"
    "DisplayName"="EPSON PM-G860 活用+サポートガイド"
    "DisplayName"="EPSON Scan Assistant"
    "DisplayName"="EPSON Web-To-Page"
    "DisplayName"="EPSONプリンタドライバ・ユーティリティ"
    "DisplayName"="Express Burn"
    "DisplayName"="FileMaker Pro 9"
    "DisplayName"="FLV Player 2.0 (build 25)"
    "DisplayName"="Folder Size for Windows"
    "DisplayName"="GOM Player"
    "DisplayName"="HijackThis 2.0.2"
    "DisplayName"="i-mode HTML Simulator II"
    "DisplayName"="iTunes"
    "DisplayName"="Java(TM) 6 Update 7"
    "DisplayName"="Kingsoft Office 2007 (6.3.0.1316) [オプトメディア]"
    "DisplayName"="Kingsoft Office 2007 plus (6.3.0.1727)"
    "DisplayName"="Lets EDIT 3D RT"
    "DisplayName"="Lhaplus"
    "DisplayName"="MELCO INC. Link Station ユーティリティ"
    "DisplayName"="Microsoft .NET Framework 2.0"
    "DisplayName"="Microsoft .NET Framework 2.0"
    "DisplayName"="Microsoft Compression Client Pack 1.0 for Windows XP"
    "DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
    "DisplayName"="Microsoft National Language Support Downlevel APIs"
    "DisplayName"="Microsoft User-Mode Driver Framework Feature Pack 1.0"
    "DisplayName"="MMCrlf"
    "DisplayName"="MobileMe Control Panel"
    "DisplayName"="Mozilla Firefox (3.0.4)"
    "DisplayName"="Nave The BK - nvplayer ver 0.6.15 - Limited"
    "DisplayName"="Nero 7 Essentials"
    "DisplayName"="neroxml"
    "DisplayName"="OpenOffice.org Installer 1.0"
    "DisplayName"="PDF Settings"
    "DisplayName"="PowerDVD"
    "DisplayName"="QuickTime"
    "DisplayName"="Quintessential Player"
    "DisplayName"="RealPlayer"
    "DisplayName"="REALTEK GbE & FE Ethernet PCI-E NIC Driver"
    "DisplayName"="Realtek High Definition Audio Driver"
    "DisplayName"="RICOH PC FAX ユーティリティー"
    "DisplayName"="RICOH Ridoc Desk Navigator - Ridoc IO Navi"
    "DisplayName"="Safari"
    "DisplayName"="sakura editor(サクラエディタ)"
    "DisplayName"="Skins"
    "DisplayName"="Skype(TM) 3.8"
    "DisplayName"="Spybot - Search & Destroy"
    "DisplayName"="Suite Specific"
    "DisplayName"="TextSS"
    "DisplayName"="Ultra EDIT 2"
    "DisplayName"="VideoFX Transitions Pack"
    "DisplayName"="VideoRecorder DS"
    "DisplayName"="Voice Manager VM200"
    "DisplayName"="WebFldrs XP"
    "DisplayName"="Winamp"
    "DisplayName"="Winamp Remote"
    "DisplayName"="Winamp Toolbar for Firefox"
    "DisplayName"="Winamp Toolbar for Internet Explorer"
    "DisplayName"="Windows Internet Explorer 7"
    "DisplayName"="Windows Media Format 11 runtime"
    "DisplayName"="Windows Media Format 11 runtime"
    "DisplayName"="Windows Media Player 11"
    "DisplayName"="Windows Media Player 11"
    "DisplayName"="Windows XP Service Pack 3"
    "DisplayName"="WMM FLV Encoder Ver 3.00 (Japanese)"
    "DisplayName"="WMM Streaming Video Ver 2.00 (Japanese)"
    "DisplayName"="World of Warcraft FREE Trial"
    "DisplayName"="Yahoo!ツールバー"
    "DisplayName"="「MyEPSON」アシスタント"
    "DisplayName"="「テプラ」PRO PCラベルソフト SPC9C"
    "DisplayName"="「テプラ」PRO SPC9C プリンタドライバ"
    "DisplayName"="拡大印刷 6"
    "DisplayName"="鍵言葉"
    "DisplayName"="瞬簡PDF ZERO v2"
    "DisplayName"="ウイルスバスター Corp.クライアント"
    "DisplayName"="ファイルメーカー Pro 4.1"

    ----- HKCU -----

    "DisplayName"="Google Chrome"

    --- End of uninstallpgnamelist.txt ---
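■1608 / inTopicNo.2)  A few things...
□Posted by/ ひよこ -(2008/12/11(Thu) 14:12:58)
    Nothing shows up in the log, though...

    1. How did you identify the Revo virus? What kind of entry appeared?
    Also, what did you remove it with, and how?
    Could Buster not block it?

    2. Your Buster is the Corporate Edition; is it for company use?
    Or from a university or something??
    Normally it is a type that individuals cannot use. Also, is the expiry date OK?

    As for the Spybot message, it is probably
    http://www.higaitaisaku.com/kakolog/cbbs.cgi?mode=al2&number=96165&rev=&no=20&KLOG=5
    the same case that 眠 describes in Re1 here, I think.
    A RunOnce entry is probably left over.

    3. Running TeaTimer resident while Buster is resident is bad. SDHelper may be bad too, so please disable both.
    Reference ↓
    http://www.higaitaisaku.com/spybottool.html
    http://www.higaitaisaku.com/spybottool.html#resident

    With Buster there are scattered cases of trouble, so it may be better to uninstall Spybot - Search & Destroy.

    4. Also, uninstall this one. It has a slightly scammy flavor.
    "DisplayName"="eMusic - 50 Free MP3 offer"

    5. Also,
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    This is spyware bundled with the Realtek driver, so close all windows other than HijackThis and Fix it.
    Reference ↓
    http://www.higaitaisaku.com/hijackthis.html#jyokyo

    After doing 3 to 5, please reply regarding 1 and 2.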
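As an added example (not part of the thread, and not code from the forum or from HijackThis), this Python script parses HijackThis `O4` autostart lines like the one singled out in step 5 above and attaches review notes to each entry. The function names and the note labels (`no-path`, `short-name`, `user-profile`) are assumptions made for illustration; the notes are prompts for a closer look, not verdicts.

```python
import re
from dataclasses import dataclass, field

# O4 lines copied from the HijackThis log posted in this thread (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\【user】\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
"""

# One O4 line: hive, optional SID (HKUS entries), key, value name, command,
# and the optional "(User '...')" suffix shown on HKUS lines.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    executable: str
    notes: list = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program part of a Run command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def triage_notes(executable: str) -> list:
    """Review prompts for one autostart target (hypothetical labels, not verdicts)."""
    notes = []
    if "\\" not in executable and "/" not in executable:
        # A bare file name is resolved by search order, not from a fixed location.
        notes.append("no-path")
    if re.search(r"~\d", executable):
        # 8.3 short names hide the real folder and file names.
        notes.append("short-name")
    if "\\documents and settings\\" in executable.lower():
        # Windows XP profile folders are writable by the logged-in user.
        notes.append("user-profile")
    return notes


def parse_o4(log_text: str) -> list:
    """Parse every O4 line in a HijackThis log into a RunEntry with notes."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        exe = executable_of(match["command"])
        hive = match["hive"] + ("\\" + match["sid"] if match["sid"] else "")
        entries.append(
            RunEntry(hive, match["key"], match["name"], match["command"],
                     exe, triage_notes(exe))
        )
    return entries


def needs_review(entries: list) -> dict:
    """Map 'hive:value name' to its notes for entries that have any."""
    return {f"{e.hive}:{e.name}": e.notes for e in entries if e.notes}


if __name__ == "__main__":
    for label, notes in needs_review(parse_o4(SAMPLE_LOG)).items():
        print(f"{label:32} {', '.join(notes)}")
```

Both `RTHDCPL` and `Alcmtr` receive the same `no-path` note, so the output only narrows down which entries to look up; deciding what an entry actually is still takes knowledge of the program behind it.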
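■1610 / inTopicNo.3)  Re[2]: A few things...
□Posted by/ ワン -(2008/12/12(Fri) 11:35:25)
    In reply to No1608 (post by ひよこ)

    Thank you, ひよこ.

    I have completed 3 to 5.

    Regarding 1 and 2:


    > Nothing shows up in the log, though...
    >
    > 1. How did you identify the Revo virus? What kind of entry appeared?
    > Also, what did you remove it with, and how?
    > Could Buster not block it?

    The moment I connected an acquaintance's USB memory stick, Spybot's registry change confirmation screen appeared, but I was in a hurry, so I allowed it. I think what was displayed at that time may well have been REVO.

    About four hours later the behavior became unstable, so I checked the startup items with msconfig and found REVO.

    I carried out the removal with reference to the URL below.
    http://www.cyber-concierge.co.jp/pc_tama/other/revo.html

    Following the procedure, I unchecked it in the msconfig startup list,
    deleted the relevant files such as revo, and manually deleted the related registry entries.

    Currently, when I look at msconfig, revo is in the unchecked state.




    > 2. Your Buster is the Corporate Edition; is it for company use?
    > Or from a university or something??
    > Normally it is a type that individuals cannot use. Also, is the expiry date OK?

    Buster is the company's. The license has not expired yet, so I think it is fine.


    Thank you in advance.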
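■1611 / inTopicNo.4)  Re[3]: A few things...
□Posted by/ ひよこ -(2008/12/12(Fri) 13:03:13)

    > I carried out the removal with reference to the URL below.
    > http://www.cyber-concierge.co.jp/pc_tama/other/revo.html
    >
    > Following the procedure, I unchecked it in the msconfig startup list,
    > deleted the relevant files such as revo, and manually deleted the related registry entries.
    >
    > Currently, when I look at msconfig, revo is in the unchecked state.

    Understood.
    In case there are remnants, we will check with the following tools just to be sure.

    1. Scan with eScan.
    Depending on the PC, this takes time.
    http://www.higaitaisaku.com/escan.html
    For the log, be sure to reply with the one extracted by VirusScanTool2.

    2. SilentRunners
    For how to use it, see
    http://www.higaitaisaku.com/silentrunners.html
    The download is here.
    http://www.silentrunners.org/sr_download.html
    If the script opens when you use the first method, you can download a Zip from the second item on that page, "Click here to download a zip file."; extract it and run it.
    After launch it looks like nothing is happening for a while, but that is normal.
    While SilentRunners is running, never operate the PC until the completion popup appears.

    In your next reply, please paste the log extracted with eScan's VirusScanTool2 and the SilentRunners log. If you hit the character limit (I think it will be fine), split it into two replies.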
■1615 / inTopicNo.5)  Re[4]: A few things...
□Posted by/ ワン -(2008/12/16(Tue) 08:57:45)
    Sorry, it took some time.

    Here are the eScan and SilentRunners logs. A virus notification appeared once during the eScan scan. Thank you in advance.

    -------------------------------------------------------------

    ----- eScanlog.txt ----

    ***** File system for Adware/Spyware *****

    Offending file found: C:\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\WINDOWS\system32\lp.exe
    System found infected with rapidblaster Spyware/Adware (lp.exe)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\なでしこプログラム\plug-ins\sqlite3.dll
    System found infected with virtualpcguard Corrupted Adware/Spyware (sqlite3.dll)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\africamission2008\images\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15\recruit_mov\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15web\public_html\phpmyadmin\libraries\dbi
    Object "toolbar Spyware/Adware" found in File System
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15web\public_html\recruit_mov\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15071203bk\recruit_mov\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15080407\recruit_mov\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15system_base\division\hh.html
    System found infected with xtractor plus Spyware/Adware (hh.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\15system_base\new\division\hh.html
    System found infected with xtractor plus Spyware/Adware (hh.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\16\webgaia041109\old\division\hh.html
    System found infected with xtractor plus Spyware/Adware (hh.html)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\20\071117\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0312\0312\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0401\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0402\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0402\0402\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0404\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0406\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0406\0404\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0408\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0410\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0412\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\shanai0501\0401\topics\big\npo
    Object "netpal Spyware/Adware" found in File System
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\17\送った者たち\main.exe
    System found infected with desktop scam Trojan-Downloader (main.exe)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050606\event\1.dat
    System found infected with wareout Adware (1.dat)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050606\event\2.dat
    System found infected with wareout Adware (2.dat)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050606\event\3.dat
    System found infected with wareout Adware (3.dat)
    Offending Folder found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050930\cgi-bin\mt\lib\mt\objectdriver\dbi
    Object "toolbar Spyware/Adware" found in File System
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050930\event\1.dat
    System found infected with wareout Adware (1.dat)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050930\event\2.dat
    System found infected with wareout Adware (2.dat)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\18\20050930\event\3.dat
    System found infected with wareout Adware (3.dat)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\19\olddata\yasuda020204\main.exe
    System found infected with desktop scam Trojan-Downloader (main.exe)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081018\19\olddata\yasuda020205\main.exe
    System found infected with desktop scam Trojan-Downloader (main.exe)
    Offending file found: C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081108\player.html
    System found infected with clipgenie Spyware/Adware (player.html)
    Offending Folder found: C:\Documents and Settings\【user】\Local Settings\application data\winamp toolbar\ietoolbar
    Object "softomate toolbar Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\【user】\Local Settings\Application Data\winamp toolbar\ietoolbar
    Object "softomate toolbar Spyware/Adware" found in File System
    Offending Folder found: C:\Documents and Settings\All Users\Application Data\winamp toolbar\ietoolbar
    Object "softomate toolbar Spyware/Adware" found in File System
    Offending Registry Entry found: hklm\software\classes\clsid\madown
    System found infected with combo Spyware/Adware (hklm\software\classes\clsid\madown)
    Offending Registry Entry found: hkcr\clsid\madown
    System found infected with combo Spyware/Adware (hkcr\clsid\madown)
    Offending file found: C:\WINDOWS\system32\optserve.dll
    System found infected with optserve Adware (C:\WINDOWS\system32\optserve.dll)
    Offending file found: C:\WINDOWS\system32\lp.dll
    System found infected with optserve Adware (C:\WINDOWS\system32\lp.dll)
    Offending file found: C:\WINDOWS\system32\optserve.exe
    System found infected with optserve Adware (C:\WINDOWS\system32\optserve.exe)
    Offending file found: C:\WINDOWS\system32\lp.exe
    System found infected with optserve Adware (C:\WINDOWS\system32\lp.exe)
    Offending Registry Entry found: hklm\system\currentcontrolset\services\6to4
    System found infected with combo Spyware/Adware (hklm\system\currentcontrolset\services\6to4)
    Invalid Command Found in {3543da4e-c2af-11dd-8c1d-000a79a751c6}\Shell\AutoRun\command: E:\ampfrb.cmd
    Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3543da4e-c2af-11dd-8c1d-000a79a751c6} !!!
    Invalid Command Found in {789f28fe-bcf6-11dd-8c0c-001fc6b3e2ec}\shell\Autoplay\DropTarget\verb1\command: desktop.exe
    Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{789f28fe-bcf6-11dd-8c0c-001fc6b3e2ec} !!!

    ***** Virus *****

    C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081108\Aptana_Studio_Setup.exe = Virus "NULL.Corrupted"
    C:\Documents and Settings\【user】\デスクトップ\要整理081204\要整理081108\Aptana_Studio_Setup.exe = Virus "NULL.Corrupted"
    J:\WINDOWS\UnXlPdfDrv_ShunkanPDFZERO.exe = Virus "NULL.Corrupted"

    ***** Adware/Spyware *****


    ----- End of eScanlog.txt ----



    ------<Silent Runners log starts here>-------------------

    "Silent Runners.vbs", revision 59, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Google Update" = ""C:\Documents and Settings\【user】\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
    "Winlock" = "c:\program files\left arm technology\***\winlock.exe (unwritable string)" ["Left Arm Technology."]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
    "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "OfficeScanNT Monitor" = ""C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow" ["Trend Micro Inc."]
    "JobHisInit" = "C:\Program Files\RMClient\JobHisInit.exe" ["RICOH COMPANY,LTD."]
    "MplSetUp" = "C:\Program Files\RMClient\MplSetUp.exe" ["RICOH COMPANY,LTD."]
    "UIRESIDENT" = "C:\Program Files\Corega\client utility\CrgUtil.exe" [empty string]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "Adobe Version Cue CS2" = ""C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"" ["Adobe Sytems Incorporated"]
    "Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
    "Adobe_ID0EYTHM" = "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]
    "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
    "AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
    "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
    "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo!*************" (unwritable string)
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\ypho.dll" ["Yahoo Japan Corporation. "]
    {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader"
    -> {HKLM...CLSID} = "Winamp Toolbar Loader"
    \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
    {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {A65852E0-2E2B-4A45-B9DC-52B97224F0C9}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "CiPROIEhelper Class"
    \InProcServer32\(Default) = "C:\Program Files\CaptIt4\CiToolbar\CiPROIEHob.dll" ["CRAFTEC Corp."]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "EpsonToolBandKicker Class"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
    {EEBA90E6-2B14-413F-9BF8-61A8BDF92258}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo!*********" (unwritable string)
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll" ["Yahoo! JAPAN"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "****** ** CPL **" (unwritable string)
    -> {HKLM...CLSID} = "****** ** CPL **" (unwritable string)
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
    -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
    -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    "{01E51A0C-CFD0-4C48-9C7C-4DA07745BC84}" = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    -> {HKLM...CLSID} = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    \InProcServer32\(Default) = "C:\PROGRA~1\Lhaplus\LplsShlx.dll" [null data]
    "{00A1BC14-07C3-4810-ABF7-73291D156AE1}" = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    -> {HKLM...CLSID} = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    \InProcServer32\(Default) = "C:\PROGRA~1\Lhaplus\LplsShlx.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"
    -> {HKLM...CLSID} = "QIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
    -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SYSTEM\CurrentControlSet\Control\WOW\
    <<!>> "cmdline" = "C:\WINDOWS\system32\ntvdm.exe -o" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {04DAAD08-70EF-450E-834A-DCFAF9B48748}\(Default) = "Folder Size column"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\FolderSize\FolderSizeColumn.dll" ["Brio"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
    -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
    Lhaplus\(Default) = "{00A1BC14-07C3-4810-ABF7-73291D156AE1}"
    -> {HKLM...CLSID} = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    \InProcServer32\(Default) = "C:\PROGRA~1\Lhaplus\LplsShlx.dll" [null data]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    Lhaplus\(Default) = "{00A1BC14-07C3-4810-ABF7-73291D156AE1}"
    -> {HKLM...CLSID} = "Lhaplus Version 1.55. Copyright (C) 2000-2007 Schezo <schezo@kfy.biglobe.ne.jp>."
    \InProcServer32\(Default) = "C:\PROGRA~1\Lhaplus\LplsShlx.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS3ImportMediaOnArrival\
    "Provider" = "Adobe Bridge CS3"
    "InvokeProgID" = "Adobe.adobebridge"
    "InvokeVerb" = "launch"
    HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

    EpsonCreativitySuite\
    "Provider" = "FileManager"
    "InvokeProgID" = "EpsonCreativitySuite"
    "InvokeVerb" = "Play"
    HKLM\SOFTWARE\Classes\EpsonCreativitySuite\shell\Play\DropTarget\CLSID = "{7720BCC1-4F11-4f17-A80F-0BB69EF9788F}"
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\File Manager\eppqcom.exe" [null data]

    iTunesBurnCDOnArrival\
    "Provider" = "iTunes"
    "InvokeProgID" = "iTunes.BurnCD"
    "InvokeVerb" = "burn"
    HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

    iTunesImportSongsOnArrival\
    "Provider" = "iTunes"
    "InvokeProgID" = "iTunes.ImportSongsOnCD"
    "InvokeVerb" = "import"
    HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

    iTunesPlaySongsOnArrival\
    "Provider" = "iTunes"
    "InvokeProgID" = "iTunes.PlaySongsOnCD"
    "InvokeVerb" = "play"
    HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

    iTunesShowSongsOnArrival\
    "Provider" = "iTunes"
    "InvokeProgID" = "iTunes.ShowSongsOnCD"
    "InvokeVerb" = "showsongs"
    HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

    MSWPDShellNamespaceHandler\
    "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
    "InitCmdLine" = " "
    -> {HKLM...CLSID} = "WPDShextAutoplay"
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

    NeroAutoPlay7CDAudio\
    "Provider" = "Nero Express Essentials"
    "InvokeProgID" = "Nero.AutoPlay7"
    "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
    HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

    NeroAutoPlay7CopyCD\
    "Provider" = "Nero Express Essentials"
    "InvokeProgID" = "Nero.AutoPlay7"
    "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
    HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /Dialog:DiscCopy" ["Nero AG"]

    NeroAutoPlay7DataDisc\
    "Provider" = "Nero Express Essentials"
    "InvokeProgID" = "Nero.AutoPlay7"
    "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
    HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

    NeroAutoPlay7LaunchNeroStartSmart\
    "Provider" = "Nero StartSmart Essentials"
    "InvokeProgID" = "Nero.AutoPlay7"
    "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
    HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

    PDVDPlayCDAudioOnArrival\
    "Provider" = "PowerDVD"
    "InvokeProgID" = "AudioCD"
    "InvokeVerb" = "PlayWithPowerDVD"
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

    PDVDPlayDVDMovieOnArrival\
    "Provider" = "PowerDVD"
    "InvokeProgID" = "DVD"
    "InvokeVerb" = "PlayWithPowerDVD"
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

    PDVDPlayVCDMovieOnArrival\
    "Provider" = "PowerDVD"
    "InvokeProgID" = "VCD"
    "InvokeVerb" = "PlayWithPowerDVD"
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

    PStarterBlankCDArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "BlankCD"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    PStarterDVDBurningOnArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "BlankDVD"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    PStarterMixedCDArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "MixedContent"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    PStarterMusicFilesArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "MusicFiles"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    PStarterPicturesArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "Picture"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    PStarterPlayCDAudioOnArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "AudioCD"
    "InvokeVerb" = "PlayWithPowerStarter"
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

    PStarterPlayDVDMovieOnArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "DVD"
    "InvokeVerb" = "PlayWithPowerStarter"
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

    PStarterVideoFilesArrival\
    "Provider" = "DVD Suite"
    "InvokeProgID" = "VideoFiles"
    "InvokeVerb" = "OpenWithPowerStarter"
    HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

    RPCDBurningOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.CDBurn.6"
    "InvokeVerb" = "open"
    HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

    RPDeviceOnArrival\
    "Provider" = "RealPlayer"
    "ProgID" = "RealPlayer.HWEventHandler"
    HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
    -> {HKLM...CLSID} = "RealNetworks Scheduler"
    \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

    RPPlayCDAudioOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.AudioCD.6"
    "InvokeVerb" = "play"
    HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

    RPPlayDVDMovieOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.DVD.6"
    "InvokeVerb" = "play"
    HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

    RPPlayMediaOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.AutoPlay.6"
    "InvokeVerb" = "open"
    HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

    WinampMTPHandler\
    "Provider" = "Winamp"
    "ProgID" = "Shell.HWEventHandlerShellExecute"
    "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    WinampPlayMediaOnArrival\
    "Provider" = "Winamp"
    "InvokeProgID" = "Winamp.File"
    "InvokeVerb" = "Play"
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


    Startup items in "【user】" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "XeloPDFDriver2" -> shortcut to: "C:\Program Files\Common Files\Xelo\PDFDriver2\assistxpdf2.exe" ["Xelo, Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
    "GoogleUpdateTaskUser" -> launches: "C:\Documents and Settings\【user】\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 58
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
    -> {HKLM...CLSID} = "Winamp Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
    -> {HKLM...CLSID} = "EPSON Web-To-Page"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
    "{F2CF5485-4E02-4F68-819C-B92DE9277049}"
    -> {HKLM...CLSID} = "&Links"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
    -> {HKLM...CLSID} = "Winamp Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
    "{86A10B79-8C1C-4BEC-914B-BFC1450CB944}" = "CaptureIt"
    -> {HKLM...CLSID} = "CaptureItPRO"
    \InProcServer32\(Default) = "C:\Program Files\CaptIt4\CiToolbar\CiPROIEToolBar.dll" ["CRAFTEC Corp."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{AEF44653-C059-42CB-A5B7-41C640DA4A67}" = "*hI" (unwritable string)
    -> {HKLM...CLSID} = "Yahoo!*****" (unwritable string)
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll" ["Yahoo! JAPAN"]
    "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
    -> {HKLM...CLSID} = "EPSON Web-To-Page"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

    Explorer Bars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun の Java コンソール"
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001"
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" = (no title provided)
    -> {HKLM...CLSID} = "Winamp Search Class"
    \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Adobe Version Cue CS2, Adobe Version Cue CS2, ""C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service" ["Adobe Systems Incorporated"]
    Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Bonjour **** (unwritable string), Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
    Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
    FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]
    Folder Size, FolderSize, ""C:\Program Files\FolderSize\FolderSizeSvc.exe"" ["Brio"]
    GTWPSSRV, GTWPSService, "C:\Program Files\Corega\client utility\gtwpssrv.exe" [null data]
    iPod **** (unwritable string), iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
    IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
    OfficeScanNT Listener, tmlisten, "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" ["Trend Micro Inc."]
    OfficeScanNT RealTime Scan, ntrtscan, "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" ["Trend Micro Inc."]
    RESCRGEX, RESCRGEX, "C:\Program Files\Corega\client utility\WLService.exe" [null data]


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
    BC ExPrinter Port\Driver = "BcEMonNT2.dll" ["Black Ice Software"]
    Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."]
    Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."]
    EPSON PM-G860 32MonitorBJ\Driver = "E_FLBCKJ.DLL" ["SEIKO EPSON CORPORATION"]
    KING JIM SR520 Language Monitor\Driver = "TEP520LM.DLL" ["KING JIM CO.,LTD"]
    RICOH Language Monitor2\Driver = "rc4mon.dll" ["RICOH CO.,Ltd."]
    Ridoc IO Navi\Driver = "RPNV2MON.DLL" ["RICOH COMPANY,LTD."]
    Xelo PDF Monitor2\Driver = "XPDFMON2.DLL" [null data]


    ---------- (launch time: 2008-12-16 08:51:14)
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 38 seconds, including 14 seconds for message boxes)
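■1616 / inTopicNo.6)  Re[5]: A few things...
□Posted by/ ひよこ -(2008/12/16(Tue) 13:18:37)
    Fragments of the autorun virus are showing up.

    Also, aren't you using Optmedia (オプトメディア) software?
    It comes bundled with adware, so I think it is inappropriate for company use...

    To be safe, I think it would be better to move to the question board, post this scan result together with a fresh HijackThis log and Uninstall Log, and have someone knowledgeable take a look.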